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DETAILED ACTION 
Docketing 

1 . Please note that the application has been re-docketed to a different examiner. 
Please refer all future communications regarding this application to the examiner of 
record using the information supplied in the final section of the Office action. 

This Office action is responsive to the Applicant's Amendment filed 03/14/2007. 
Claims 1,11 and 20 are amended. 
Claims 1-20 are pending in the application. 

Response to Arguments 

2. Applicant's arguments with respect to claims 1 , 1 1 , 20 have been considered but 
are moot in view of the new ground(s) of rejection with Bradley et al. (U. S. Patent No. 
6,651 ,096) hereinafter Bradley. 

Applicant argues, "Gai also fails to teach the steps for associating two or more 
access control lists with a given files system object" (Page 4 of Remarks). 

Examiner respectfully disagrees with this argument. Gai explicitly discloses, 
"First, a network administrator creates one or more access control lists in a 
conventional manner. For example, the administrator preferably utilizes a conventional 
text editor at a management station (not shown) to create the access control lists. 
FIGS. 5A-5E are highly schematic representations of text-based ACLs 416a-416e, 
respectively. Each access control list, such as ACL 416a, is given a name, such as 
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ACL 101, and is preferably arranged in a table array having multiple rows and columns. 
Each row of the ACL, such as ACL 416a, corresponds to an Access Control Entry 
(ACE) statement, such as ACE statements 502-514, which specify the various criteria 
for the ACL 416a. The columns of the ACL represent the specific criteria with which 
network messages are compared. For example, ACLs 416a-416d each include a 
separate column for source address 516, destination address 51 8, source port 520, 
destination port 522 and protocol 524. Those skilled in the art will understand that 
greater or fewer message criteria may be employed. In addition, each ACL includes an 
action column 526 that corresponds to the particular action that is to be applied to 
network messages matching a corresponding ACE statement. In the preferred 
embodiment, permissible actions include pemriit, deny, permit and log, and deny and 
log" (col. 7, lines 15-39). 

Furthermore. Gai discloses, "Those skilled In the art will understand that other 
actions may be specified. For example, a possible action may be to execute a 
particular program stored in the non-volatile or dynamic memory of the device. That is, 
the action of a first ACE may be to execute application "abc", while the action of a 
second ACE is to execute application "xyz". Another possible action Is to return a tag 
to be concatenated with other fields of the message (e.g., fields other than those used 
for comparison with the first ACL) and compare this concatenated tag and the other 
fields with the ACEs of a second ACL. This may be useful for determining patterns that 
exceed the size of the associative memory or TCAM 410" (col. 40-51). Therefore, Gai's 
reference Is maintained. 



Application/Control Number: 10/687,258 Page 4 

Art Unit: 2135 

Claim Rejections - 35 USC § 103 

The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject niatter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary sl<ill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

3. Claims 1-3, 8,10-13,18 and 20 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over Gai et al. (U. S. Patent No. 6,651,096) hereinafter Gal in view of 
Bradley et al. (U. S. Patent No. 6,651 ,096) hereinafter Bradley. 

Regarding Claims 1 and 20, Gai discloses a method for managing access control 
lists in a filesystem (see abstract, "organizing, storing and evaluating access control 
lists"), the method comprising: 

associating two or more access control lists (see Fig. 4, elements 416a-416e) 
with a given filesystem object, (see col. 7 lines 15-51); 

Gal does not disclose "in a heterogeneous filesystem, wherein the 
heterogeneous filesystem comprises two or more differing types of filesystems." 

However, Bradley explicitly discloses in a heterogeneous filesystem, wherein the 
heterogeneous filesystem comprises two or more differing types of filesystems 
(Abstract, col. 7, lines 30-40 and col. 18, lines 1-24). 
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Therefore, it would fiave been obvious at the time the invention was made to a 
person having ordinary skill in the art to have Incorporated Bradley's Invention within 
Gai to include in a heterogeneous filesystem, wherein the heterogeneous filesystem 
comprises two or more differing types of fllesystems. One of ordinary skill in the art 
would have been motivated to do this because there is a need for a file system that can 
efficiently grant access to heterogeneous platform (Bradley col. 3, lines 9-10). 

Gal and Bradley disclose the limitations of Claims 1 and 20 above. Gai and 
Bradley further disclose responsive to receiving, from a requester, a request for an 
access control list associated with the given filesystem object (Gai see col. 4, lines 26- 
32; col. 7, lines 24-32), determining a filesystem type of the requester (Gai see col. 5, 
lines 13-21; col. 7, lines 29-34; col. 8, lines 9-15); and 

returning an access control list from the two or more access control list for the 
given filesystem object matching the filesystem type of the requestor (see Gal col. 8, 
lines 14-15, "Once a match is located, the corresponding action is returned and 
processing stops") and (see Bradley Figures 7 and 9, col. 18, lines 1-25). 

Regarding Claims 2 and 12, Gal and Bradley disclose the limitations of Claims 1 
and 20 above. Gai further discloses detemiining whether an access control list matching 
the filesystem type of the requester exists (see col. 5, lines 13-21; col. 7, lines 29-34; 
col. 8, lines 9-15); and responsive to a determination that a matching access control list 
exists, returning the matching access control list (see col. 8, lines 14-15, "Once a match 
Is located, the corresponding action is returned and processing stops"). 
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Regarding Claims 3 and 13, Gai and Bradley disclose the limitations of Claims 1 
and 20 above. Gai further discloses wherein the step of returning the matching access 
control list (see col. 8, lines 14-15, "Once a match is located, the corresponding action is 
returned and processing stops") includes accessing the matching access control list 
using an access mechanism (see col. 7, lines 24-27, ACE-Access Control Entry) 
associated with the filesystem type of the requester (see col. 5, lines 13-21; col. 7, lines 
29-34; col. 8, lines 9-18). Examiner notes the protocol field in the ACE is associated 
with the filesystem type of the requester and is used for access. 

Regarding Claims 8 and 18. Gai and Bradley disclose the limitations of Claims 1 
and 20 above. Gai further discloses wherein the step of associating two or more access 
control lists with a given filesystem object (see col. 7 lines 16-32) includes storing the 
two or more access control lists in file storage (see Fig. 4, element 408, NVRAM) with 
the given filesystem object (see col. 6, lines 1-2 & 13-18; col. 7, 60-66, "ACLs 416a- 
41 6e may be downloaded to device 316 ... and stored at NVRAM 408."). 

Regarding Claim 10, Gai and Bradley disclose the limitations of Claims 1 and 20 
above. Gai further discloses wherein an access control list storage (see Fig. 4, element 
41 0, TCAM) is provided an for each directory, each filesystem, or for each portion of a 
file system (see col. 6, lines 24-27, "apportioned segments 410a-e"; col. 6, lines 31-35; 
col. 9, lines 22-31). 
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Regarding Claim 11. Gai discloses a filesystem, wherein the file system, (see 
abstract, "organizing, storing and evaluating access control lists"), and wherein the 
filesystem includes and a plurality of access mechanisms (see col. 7, lines 24-27, ACE- 
Access Control Entry) and wherein each access mechanism of the plurality of access 
mechanisms is associated with a filesystem type (see col. 5, lines 13-21; col. 8, lines 9- 
15). 

Gai does not disclose "the heterogeneous a heterogeneous filesystem and a 
plurality of differing filesystem types." 

However, Bradley explicitly discloses the heterogeneous a heterogeneous 
filesystem and a plurality of differing filesystem types (Abstract, col. 7, lines 30-40 and 
col. 18, lines 1-24). 

Therefore, it would have been obvious at the time the invention was made to a 
person having ordinary skill in the art to have incorporated Bradley's invention within 
Gal to include in the heterogeneous a heterogeneous filesystem and a plurality of 
differing filesystem types. One of ordinary skill in the art would have been motivated to 
do this because there is a need for a file system that can efficiently grant access to 
heterogeneous platform (Bradley col. 3, lines 9-10). 

Gai and Bradley disclose the limitations of Claims 1 and 20 above. Gai and 
Bradley further disclose a file storage (see Fig. 4, element 408). wherein the file 
storage has stored therein at least one filesystem object (see col. 7, lines 29-32) and 
wherein a given filesystem object within the at least one. filesystem object has 
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associated therewith two or more access control lists (see Fig. 4, elements 416a-e; col. 
6, lines 15-18); wherein the filesystem, responsive to receiving from a requester a 
request for an access control list associated with the given filesystem object (see col. 
4, lines 26-32; col. 7, lines 24-32), determines a filesystem type of the requester (see 
col. 5, lines 13-21; col. 7, lines 29-34; col. 8, lines 9-15) and returns an access control 
list from the two or more access control list for the given filesystem object matching the 
filesystem type of the requestor (see Gai col. 8, lines 14-15, "Once a match is located, 
the corresponding action is returned and processing stops") and (see Bradley Figures 
7 and 9, col. 18, lines 1-25). 

4. Claims 4-7, 9,14-17 and 19 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over Gai and Bradley and further in view of HItz et al. (U. S. Patent No. 
6,457,130) hereinafter HItz. 

Regarding Claims 4 and 14, Gai discloses further comprising: responsive to a 
determination that a matching access control list does not exist (see col. 8, lines 24-26; 
col. 7, lines 24-27, "If no ACE of the subject ACL matches the message, an implicit 
action located at the end of the ACL is typically returned"), 

Gai and Bradley do not disclose "providing a new access control list for the 
filesystem type of the requestor; and returning the new access control list." 

However, Hitz explicitly discloses responsive to a determination that a matching 
access control list does not exist (see col. 6, lines 1-2), providing a new access control 



Application/Control Number: 10/687,258 Page 9 

Art Unit: 2135 

list for the filesystem type of the requester (see col. 8, lines 26-34, new access control 
limits); and returning the new access control list (see col. 8, lines 12-16; col. 8, lines 35- 
40; col. 8, lines 60-62). 

Therefore, it would have been obvious at the time the invention was made to a 
person having ordinary skill in the art to have combined Hitz's invention within Gai and 
Bradley to include the step of providing a new access control list for the filesystem type 
when a matching access control list does not exist of the requester and returning the 
new ACL. One of ordinary skill in the art would have been motivated for the purpose of 
enforcing file access control among client devices using multiple diverse access control 
models and multiple diverse file server protocols (see Hitz col. 2, lines 36-40). 

Regarding Claims 5 and 15, Hitz discloses wherein the step of returning the new 
access control list (see col. 8, lines 12-16; col. 8, lines 12-16; col. 8, lines 35-40; col. 8, 
lines 60-62) includes accessing the new access control list (see col. 8, lines 26-29; 
"When the file has its access control limits modified") using an access mechanism 
associated with the filesystem type of the requester (see col. 4, lines 8-1 1 & lines 43-56, 
ACE-access control entries). 

Regarding Claims 6 and 16, Hitz discloses wherein the step of providing a new 
access control list for the filesystem type of the requestor (see col. 8, lines 26-34, new 
access control limits) includes translating an existing access control list to the filesystem 
type of the requester (see col. 6, lines 1-10). 



Application/Control Number: 10/687,258 Page 10 

Art Unit: 2135 

Regarding Claims 7 and 17, Hitz discloses wherein the step of providing a new 
access control list for the filesystem type of the requester (see col. 8, lines 26-34, new 
access control limits) includes providing a default access control list for the filesystem 
type of the requester based on rules associated with the filesystem (see col. 6, lines 10- 
13). 

Regarding Claims 9 and 19, Gai discloses wherein the step of associating two or 
more access control lists with a given filesystem object (see Gai col. 7 lines 16-32). 

Gai and Bradley do not disclose storing a native access control list in file storage 
with the given filesystem object and storing one or more non-native access control lists 
in access control list storage separate from the file storage. 

However, Hitz discloses storing a native access control list (see col. 4, lines 8-1 1 , 
"NT ACL") in file storage (see Fig. 1, element 112; col. 4, lines 43-48, NT security style) 
with the given filesystem object and storing one non-native access control list (see col. 
4, lines 8-1 1 , "Unix Perms") in access control list storage separate from the file storage 
(see col. 4, lines 8-25, Unix security style). 

Therefore, it would have been obvious at the time the invention was made to a 
person having ordinary skill in the art to have combined Hitz's invention within Gai and 
Bradley to include the native and non-native access control list stored separately. One 
of ordinary skill in the art would have been motivated for the purpose of enforcing file 
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access control among client devices using multiple diverse access control models and 
multiple diverse file server protocols (see Hitz col. 2, lines 36-40). 



Conclusion 

5. Applicant's amendment necessitated the new ground(s) of rejection presented in 
this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP 
§ 706.07(a). Applicant is reminded of the extension of time policy as set forth In 37 
CFR 1.136(a). 

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within 
TWO MONTHS of the mailing date of this final action and the advisory action is not 
mailed until after the end of the THREE-MONTH shortened statutory period, then the 
shortened statutory period will expire on the date the advisory action is mailed, and any 
extension fee pursuant to 37 CFR 1 .136(a) will be calculated from the mailing date of 
the advisory action. In no event, however, will the statutory period for reply expire later 
than SIX MONTHS from the date of this final action. 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Baotran N. To whose telephone number is 571-272- 
8156. The examiner can normally be reached on Monday-Friday from 8:00 to 4:30. 
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If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Kim Y. Vu can be reached on 571-272-3859. The fax phone number for the 
organization where this application or proceeding is assigned is 571-273-8300. 

Infomnation regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-2.17-9197 (toll-free). If you would like assistance from a 
USPTO Customer Service Representative or access to the automated information 
system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 

BT 

05/25/2007 
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